Re: [ee4j-pmc] Fwd: Your GitHub security alerts for the week of Oct 23 - Oct 30

I'm not sure who gets these.  You may have to be a Committer on the project or an admin for the organization.

Steve Millidge (Payara) wrote on 10/31/2018 02:24 AM:

I don’t get these at a PMC level.

 

From: ee4j-pmc-bounces@xxxxxxxxxxx <ee4j-pmc-bounces@xxxxxxxxxxx> On Behalf Of Bill Shannon
Sent: 30 October 2018 23:55
To: EE4J PMC Discussions <ee4j-pmc@xxxxxxxxxxx>
Subject: [ee4j-pmc] Fwd: Your GitHub security alerts for the week of Oct 23 - Oct 30

 

Is anyone on the PMC tracking these security alerts?

Shouldn't someone ensure that the EE4J projects are responding to these in a timely manner?


(Obviously ignore the "javaee" entries below.)


-------- Forwarded Message --------

Subject: Your GitHub security alerts for the week of Oct 23 - Oct 30
Date: Tue, 30 Oct 2018 17:36:28 +0000 (UTC)
From: GitHub <noreply@xxxxxxxxxx>
To: Bill Shannon <bill.shannon@xxxxxxxxxx>






GitHub security alerts

GitHub security alert digest

bshannon’s repository security updates from the week of Oct 23 - Oct 30

Java EE organization

 

Warning!

javaee / metro-jaxws-commons

Known security vulnerabilities detected

Dependency org.springframework:spring-core

Version > 3.2.0 < 3.2.15

Upgrade to ~> 3.2.15

Vulnerabilities

CVE-2015-5211 High severity

CVE-2018-1270 High severity

CVE-2018-1275 High severity

CVE-2015-3192 Moderate severity

CVE-2016-5007 Moderate severity

View 3 more

Defined in pom.xml




 

Warning!

javaee / javadb

Known security vulnerabilities detected

Dependency org.apache.axis:axis

Version <= 1.4


Vulnerabilities

CVE-2014-3596 Moderate severity

CVE-2018-8032 Moderate severity

Defined in pom.xml




 

Warning!

javaee / external

Known security vulnerabilities detected

Dependency org.apache.axis:axis

Version <= 1.4


Vulnerabilities

CVE-2014-3596 Moderate severity

CVE-2018-8032 Moderate severity

Defined in pom.xml




 

Eclipse EE4J organization

 

Warning!

eclipse-ee4j / tyrus

Known security vulnerabilities detected

Dependency org.eclipse.jetty:jetty-server

Version < 9.2.25.v20180606

Upgrade to ~> 9.2.25.v20180606

Vulnerabilities

CVE-2017-7657 Critical severity

CVE-2017-7656 Moderate severity

Defined in pom.xml




 

Warning!

eclipse-ee4j / grizzly-ahc

Known security vulnerabilities detected

Dependency org.eclipse.jetty:jetty-server

Version >= 9.4.0 < 9.4.11.v20180605

Upgrade to ~> 9.4.11.v20180605

Vulnerabilities

CVE-2018-12538 Moderate severity

CVE-2018-12536 Moderate severity

CVE-2017-7656 Moderate severity

Defined in pom.xml




Always verify the validity and compatibility of suggestions with your codebase.


 



_______________________________________________
ee4j-pmc mailing list
ee4j-pmc@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/ee4j-pmc

